fix: fix xss attacks caused by security issues in custom web group panels

pull/146/merge
moonrailgun 2 years ago
parent b6d58116f3
commit 81a062a70b

@ -1,6 +1,6 @@
import React, { useEffect, useRef, useState } from 'react'; import React, { useEffect, useRef, useState } from 'react';
import { Translate } from '../translate'; import { Translate } from '../translate';
import { FilterXSS } from 'xss'; import { FilterXSS, getDefaultWhiteList } from 'xss';
import { useWatch } from '@capital/common'; import { useWatch } from '@capital/common';
import { GroupExtraDataPanel, NoData, TextArea } from '@capital/component'; import { GroupExtraDataPanel, NoData, TextArea } from '@capital/component';
import styled from 'styled-components'; import styled from 'styled-components';
@ -26,10 +26,9 @@ const EditModalContent = styled.div`
const xss = new FilterXSS({ const xss = new FilterXSS({
css: false, css: false,
whiteList: { ...getDefaultWhiteList(), iframe: ['src', 'style', 'class'] },
onIgnoreTag: function (tag, html, options) { onIgnoreTag: function (tag, html, options) {
if ( if (['html', 'body', 'head', 'meta', 'style', 'div'].includes(tag)) {
['html', 'body', 'head', 'meta', 'style', 'iframe', 'div'].includes(tag)
) {
// 不对其属性列表进行过滤 // 不对其属性列表进行过滤
return html; return html;
} }
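Review bot: The `onIgnoreTag` branch kept on the new side still returns the raw `html` for `html`, `body`, `head`, `meta` and `style`, so every attribute on those tags (event-handler attributes, `http-equiv` on `meta`) bypasses the filter that this commit now applies to `iframe`. The inline comment there says the attribute list is deliberately not filtered. If these tags are tolerated only so that a pasted full document still renders, whitelist them with empty attribute lists and drop the bypass, e.g. `whiteList: { ...getDefaultWhiteList(), html: [], body: [], head: [], iframe: ['src', 'style', 'class'] },`, leaving out `meta` and `style` unless a panel needs them. The `iframe` entry also allows `style` while `css: false` appears to turn off the CSS filter, so it is worth confirming that the iframe is rendered with a `sandbox` attribute by the component rather than relying on panel HTML. `onIgnoreTag` continues past the end of this hunk, so any later handling is not visible here.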
